CyberWire Daily — Strategic Approaches to Talent: A Practical Guide (CISO Perspectives)

Date: March 20, 2026
Host: Kim Jones (N2K Networks)
Guest: Jeff Walden, CEO & Founder of Skillrex

Episode Overview

This episode of CISO Perspectives, hosted by Kim Jones, dives into how security leaders can and should approach cybersecurity talent strategically. It builds on ongoing discussions about the challenges in the cyber talent ecosystem, with a special focus on bridging the gap between operational and strategic thinking in recruiting, developing, and retaining cyber professionals. Kim’s guest, Jeff Walden of Skillrex, offers deep market insights and practical strategies for making workforce planning data-driven, holistic, and future-focused.

Key Discussion Points and Insights

1. The Host’s Journey: Building Strategic Talent Programs

(00:11–09:43)

• Kim Jones recounts a recent corporate experience:
  • He was tasked with standardizing the hiring of security talent—beyond mere recruiting, considering attraction, integration, training, and retention.
  • Discovered wide misalignment between job descriptions and standard frameworks (like NICE); less than 70% mapped to standard KSAEs (Knowledge, Skills, Abilities, Experience).
  • Warned that non-standard descriptions made internal advancement viable only within the company, potentially hurting broader career mobility.
• Marketing & Visibility Challenges:
  • Security professionals weren’t being promoted as subject matter experts outside, and speaking at conferences was mired in red tape.
  • It took months to streamline approval for external presentations.
• Training Hurdles & Solutions:
  • Budgets existed, but using them wisely was challenging.
  • Kim mapped job KSAEs to external training to target the most relevant upskilling opportunities and negotiated bulk contracts accordingly.
• Key Takeaway: Strategic, KSAE-anchored talent management is rare—and often regarded as revolutionary, even when it's basic good practice.

Notable Quote:

“No one has ever asked us to do this before. Most security organizations have a somewhat bipolar relationship with skills and training.”
— Kim Jones (08:46)

2. Why the Industry Lags: Realities and Excuses

(13:15–18:13)

• Market Realities:
  • Talent management is only a slice of the overall cybersecurity workforce ecosystem.
  • Strategic CISOs are the minority—many are still reactive.
  • Even with awareness, budgetary and organizational inertia persist.
• Challenge:
  • Many leaders see training as a “perk” rather than a foundational necessity for organizational resilience.
  • The prevailing industry paradigm is “talent theft” rather than self-sufficient growth.

Notable Exchange:

Kim Jones [17:35]: “We end up in a situation to say, if I want more budget, I need to show the value proposition associated with the training... So when I hear that my hands are tied, my counterpoint is ... you really aren't thinking about the problem strategically.”
Jeff Walden [17:49]: “I think you’re right, and I think it’s a value prop issue mostly... It’s hard to communicate up to the executive suite and board why that investment has dividends.”

3. Data-Driven Talent Assessment: “Moneyball” for Cybersecurity

(18:32–23:19)

• The Moneyball Analogy:
  • Inspired by baseball’s sabermetrics, Jeff calls for a comprehensive, data-driven model that moves beyond individual skill gaps to departmental and organizational workforce analysis.
  • Metrics should include applicant tracking, time-to-hire, retention, culture—and be correlated for actionable insights.
• Beyond Training:
  • The right data can highlight whether issues are due to recruiting, skill gaps, or culture—guiding strategic investment.

Notable Quote:

“Cyber as a profession... needs to kind of take a different statistical approach to the entire ecosystem, not just on skill gap data... But we can take data and metrics from applicant tracking systems, time to hire, all the way down to retention and culture issues.”
— Jeff Walden (21:12)

4. Cybersecurity’s Unique Workforce Challenge

(23:19–27:12)

• Comparisons to IT & Other Professions:
  • Is cybersecurity really special?
  • Jeff argues every field could benefit from data-driven talent strategies, but cyber is uniquely challenged by rapid technological change and its relative youth as a profession.
• The HR Disconnect:
  • Unlike more established corporate departments, cybersecurity often lacks adequate HR/L&D support.
  • The result: cybersecurity teams are largely responsible for their own talent management, stretching them thin and perpetuating workforce issues.

“There has been for quite some time now this distance between L&D, cyber, and HR... the HR team thinks they have their hands around this; the cyber team feels they’re doing 95% of it.”
— Jeff Walden (25:00)

5. The Convergence Problem: Why Aren’t We Standardized?

(31:21–33:28)

• Standardization Blockers:
  • A persistent reluctance to converge on job role definitions (KSAEs) and frameworks like NICE.
  • CISOs and hiring managers often believe their needs are unique, slowing consensus and interoperability.
  • Proliferation of competing frameworks (European, Australian, Saudi, etc.) complicates mobility and benchmarking.

6. Making the Business Case for Investment

(33:28–36:44)

• Articulating ROI:
  • Start with detailed work role analysis (“pebble in the pond” analogy), then map expectations to training and skills gaps.
  • Focus training dollars only on real needs, maximizing business returns and minimizing wasted effort.
  • Over time, metrics can prove reduced recruitment costs, higher internal mobility, and overall efficiency.

7. A New Agricultural Analogy: “Big Ag” for Cyber

(37:27–40:22)

• Sensors, Treatments, Yields, Sustainability:
  • Drawing on data-driven farming, Jeff outlines how sensors (labor market, HRIS, LMS data), treatments (skills assessments, mentorships, learning paths), and measurement of yields (mobility, proficiency, retention) can inform a more sustainable talent management strategy.
  • Sustainability means long-term, year-over-year improvement, not just one-off fixes.

Notable Quote:

“If we’re thinking about big ag and sensors... we have that in cyber too: ATSs, labor market data, HRIS systems, LMS systems... We have a lot of different treatments in cyber to make improvements to our harvest—our people."
— Jeff Walden (39:10)

Memorable Moments & Quotes

• “Failing to plan is planning to fail. This truism also applies to talent and training.” — Kim Jones (08:23)
• “We have to link the pieces of the talent chain together if we ever wish to break out of the non-virtuous talent theft cycle.” — Kim Jones (08:33)
• “The convergence is the problem... We will continue to spiral and spin wheels in our own opinions on how to manage it on our own.” — Jeff Walden (33:00)

Important Timestamps

• 00:11–09:43 — Kim’s journey building a strategic talent program
• 13:15–18:13 — Market realities: why strategic talent thinking is rare
• 18:32–23:19 — Moneyball analogy: metrics-driven workforce planning
• 23:19–27:12 — What’s unique about cybersecurity; HR/cyber disconnect
• 31:21–33:28 — Standardization and convergence issues in frameworks
• 33:28–36:44 — The business value of strategic talent investment
• 37:27–40:22 — Agricultural (“Big Ag”) analogy for sustainable talent management

Conclusion

This episode presents a compelling, practical roadmap for security leaders seeking to escape the cycle of reactive hiring and “talent theft.” True progress requires:

• Embracing data-driven, standardized KSAE frameworks.
• Building partnerships with HR/L&D—but being ready to lead if needed.
• Focusing on targeted, measurable training and long-term workforce sustainability.
• Adopting a holistic, “agricultural” mindset: plan, measure, treat, and continually improve your people.

Final Word:

“We have a lot of different treatments that we use in cyber to make improvements to our harvest, our harvest being our people.”
— Jeff Walden (39:37)